Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage.

It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.

A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the `name` parameter in the `unInstall_binding` function, allowing an attacker to traverse directories and execute arbitrary code by loading a malicious `__init__.py` file. This vulnerability affects the latest version of the software. The exploitation of this vulnerability could lead to remote code execution on the system where parisneo/lollms is deployed.

An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a set_ftp.cgi?svr=192.168.1.1&port=21&user=ftp URI.

In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.

Brackets versions 1.14 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution .

dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible.

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution.

A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by crafting input that does not contain an underscore but still results in the execution of OS commands. The vulnerability allows for remote code execution (RCE) on the server hosting the application.

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.

QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and earlier.

The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.

The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic.

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR2000v5 before 1.0.0.76, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, RAX10 before 1.0.2.88, RAX120 before 1.2.0.16, RAX70 before 1.0.2.88, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, R6700AX before 1.0.2.88, RAX120v2 before 1.2.0.16, RAX78 before 1.0.2.88, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR350 before 4.3.4.7, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS350 before 4.3.4.7, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK352 before 4.3.4.7, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.

An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before 1.1.2.20, MS80 before 1.1.2.20, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.

D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName.

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time.

An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The library "libmailutils.so" is the one that has the vulnerable function "sub_1FC4" that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows an ARM little endian format. The function sub_1FC4 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter "receiver1" is extracted in function "sub_15AC" which is then passed to the vulnerable system API call. The vulnerable library function is accessed in "cgibox" binary at address 0x0008F598 which calls the "mailLoginTest" function in "libmailutils.so" binary as shown below which results in the vulnerable POST parameter being passed to the library which results in the command injection issue.

A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. Further crafted packets may be able to sustain the denial of service condition. Score: 6.5 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Further, if the attacker is authenticated on the target device receiving and processing the malicious LLDP packet, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over the target device thereby elevating their permissions and privileges, and taking control of the device. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to one or more local segments, via LLDP proxy / tunneling agents or other LLDP through Layer 3 deployments, through one or more local segment broadcasts, may be able to cause multiple Junos devices to enter an improper boundary check condition allowing a memory corruption to occur, leading to multiple distributed Denials of Services. These Denials of Services attacks may have cascading Denials of Services to adjacent connected devices, impacts network devices, servers, workstations, etc. Further crafted packets may be able to sustain these Denials of Services conditions. Score 6.8 MEDIUM (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H) Further, if the attacker is authenticated on one or more target devices receiving and processing these malicious LLDP packets, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over multiple target devices thereby elevating their permissions and privileges, and taking control multiple devices. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D46, 14.1X53-D50, 14.1X53-D107; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7; 15.1X49 versions prior to 15.1X49-D90; 15.1X53 versions prior to 15.1X53-D65; 16.1 versions prior to 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2; 17.1 versions prior to 17.1R2. No other Juniper Networks products or platforms are affected by this issue.

VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.

In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2 before 1.0.1.98, EX6150v2 before 1.0.1.98, EX6250 before 1.0.0.132, EX6400 before 1.0.2.158, EX6400v2 before 1.0.0.132, EX6410 before 1.0.0.132, EX6420 before 1.0.0.132, EX7300 before 1.0.2.158, EX7300v2 before 1.0.0.132, EX7320 before 1.0.0.132, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, R7800 before 1.0.2.78, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.6.2.4, RBS50Y before 2.6.1.40, RBW30 before 2.6.2.2, and XR500 before 2.3.2.114.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64, WNDR3400v3 before 1.0.1.38, and XR300 before 1.0.3.56.

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364.

China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.

The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.

D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400 before 1.0.1.70, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.

The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request.

Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI.